3bd1a9cfe143b6e720d4f4c00069d530_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3bd1a9cfe143b6e720d4f4c00069d530_NeikiAnalytics.exe
Size

1.2MB
MD5

3bd1a9cfe143b6e720d4f4c00069d530
SHA1

ec0effc5160114a05ad02ef691df2ffeaa9bac05
SHA256

15a46bd1b1adf636e7d016309bc6d0b58ce4114b7715b8b032a29869b506049a
SHA512

41a73ae171d8f95e233bde9140746c1316f766656fba0ec99eeb06f0411cab34d8d3bcf296844d0631b5a781424a47f421fd2a399e8157ac9a5ea470d36682dd
SSDEEP

12288:tRZ9KXI7vgbrWVQhTCYHvRktx/aICF9flefuKaO0VQ/:pX743TvRk6NwG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bd1a9cfe143b6e720d4f4c00069d530_NeikiAnalytics.exe

Files

3bd1a9cfe143b6e720d4f4c00069d530_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

adfbd721708e2f2ac421966841e3ff3c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\modi\x86\ship\0\mspocrdc.pdb

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
SetEvent
GetExitCodeThread
WaitForSingleObjectEx
CreateEventW
CloseHandle
WaitForSingleObject
ExitThread
CopyFileW
MoveFileExW
DeleteFileW
CreateProcessW
GetFileAttributesW
GetTempFileNameW
GetTempPathW
LoadResource
WideCharToMultiByte
GetStringTypeExW
GetSystemTimeAsFileTime
GetSystemTime
LoadLibraryExW
GetTempPathA
GetTempFileNameA
CreateProcessA
GetProcessHeap
GetTickCount
QueryPerformanceCounter
VirtualProtect
LoadLibraryA
FormatMessageA
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetModuleHandleW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
HeapFree
FindResourceW
LocalFree
GetLocalTime
lstrlenW
LocalAlloc
GetUserDefaultLCID
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
LoadLibraryW
GetProcAddress
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapAlloc
InterlockedExchange

user32

MessageBoxA
RemovePropW
GetPropW
SetPropW
GetWindowLongW
SetWindowLongW
GetWindowLongA
IsWindowUnicode
TranslateMessage
PeekMessageW
UnregisterClassA
CharNextW
LoadStringW
DispatchMessageW
GetMessageW
PostThreadMessageW
WaitForInputIdle
SendMessageTimeoutW
GetSystemMetrics
FindWindowW
IsCharAlphaW
IsCharAlphaNumericW

advapi32

RegQueryValueExA
GetUserNameA
GetUserNameW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA

iprop

PropVariantClear

ole32

CoRevokeClassObject
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
StringFromCLSID
OleInitialize
CoCreateInstance
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

msvcr80

memmove_s
_beginthreadex
_invalid_parameter_noinfo
_wsplitpath_s
_wmakepath_s
_itow_s
_vsnprintf
_vsnwprintf
wcsrchr
vswprintf_s
vsprintf_s
fclose
fwprintf_s
fopen_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
??0exception@std@@QAE@ABV01@@Z
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
wcstok_s
_wcsicmp
memset
_recalloc
??_U@YAPAXI@Z
memcpy_s
_wcmdln
malloc
??2@YAPAXI@Z
__CxxFrameHandler3
wcscat_s
wcsncpy_s
wcscpy_s
_CxxThrowException
free
??3@YAXPAX@Z
_time64
rand
srand
_wtol
??_V@YAXPAX@Z

msvcp80

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

mspgimme

SetupGimme
EPLoadMSO

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

adfbd721708e2f2ac421966841e3ff3c

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

iprop

ole32

oleaut32

msvcr80

msvcp80

mspgimme

Sections

.text Size: 63KB - Virtual size: 62KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 63KB - Virtual size: 62KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB